The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Network security incidents comprise several events, steps or actions that an attacker takes to compromise a targeted network and extract proprietary data. Such steps may include scanning potential targets, initial infection, library download, or communication with a command and control server. The events can be identified from a sequence of proxy logs of network traffic communication, which are usually created and stored automatically by routers, switches, servers or other network infrastructure. Log records typically are collected in five-minute batches. Features from individual proxy logs can be computed and used in a software-based classifier to identify events; sometimes, the features extracted from the proxy log fields are used to classify each proxy log by itself.
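As an added example that is not part of the original text, the following Python code groups proxy log records into five-minute batches and computes a feature vector from the fields of each record by itself, as the paragraph above describes. The log layout, the field names and the choice of features are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qsl

BATCH_SECONDS = 300  # five-minute batches, as in the text

# Constructed sample records. Assumed layout (not from the original text):
# ISO timestamp, client IP, method, URL, status, bytes sent, bytes received
SAMPLE_LOGS = [
    "2024-01-01T10:00:05Z 10.0.0.5 GET http://example.com/index.html 200 310 5120",
    "2024-01-01T10:03:40Z 10.0.0.5 GET http://a1b2c3d4.example.net/x/y/z.php?id=7&k=v 200 420 128",
    "2024-01-01T10:05:00Z 10.0.0.9 POST http://example.org/upload 200 90211 64",
    "malformed line",
]

def parse_line(line):
    """Return a record dict, or None if the line does not match the layout."""
    parts = line.split()
    if len(parts) != 7:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        status, sent, recv = (int(p) for p in parts[4:7])
    except ValueError:
        return None
    return {"ts": ts, "method": parts[2], "url": parts[3],
            "status": status, "sent": sent, "recv": recv}

def features(rec):
    """Feature vector computed only from this one record's own fields."""
    u = urlsplit(rec["url"])
    host = u.hostname or ""
    return {
        "url_len": len(rec["url"]),
        "host_digit_ratio": sum(c.isdigit() for c in host) / len(host) if host else 0.0,
        "path_depth": len([p for p in u.path.split("/") if p]),
        "query_params": len(parse_qsl(u.query, keep_blank_values=True)),
        "up_down_ratio": rec["sent"] / max(rec["recv"], 1),
        "is_post": int(rec["method"] == "POST"),
    }

def batch_features(lines):
    """Map each five-minute window start (epoch seconds) to its feature vectors."""
    batches = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed records instead of failing the batch
        start = int(rec["ts"].timestamp()) // BATCH_SECONDS * BATCH_SECONDS
        batches[start].append(features(rec))
    return dict(batches)
```

Each vector in a batch can then be passed to a classifier one record at a time, which is the per-log classification the paragraph mentions.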
Long short-term memory (LSTM) architectures have been proposed to address the difficulties of training recurrent neural networks (RNNs) due to exploding and vanishing gradients. The exploding gradient problem can be addressed by limiting the gradient to an upper threshold. A character-level RNN can be used to classify text sentences by training the RNN in an unsupervised way to predict the next character in the sequence to build a neural translation model. LSTMs have been used to provide text descriptions of images and videos.